When Idrissa Diop, Director of Compliance at the African Export-Import Bank (Afreximbank), started his career, it was right at the end of the Dot-com bubble when most online and technology entities that had experienced a few years of growth had declared bankruptcy and faced liquidation.
In his words, compliance at the time meant you either perform or fail as countries such as the U.S. and those in Europe had strengthened regulations to avoid the speculation that had led to bubbles such as the Dotcom one.
Since then, the banking compliance role has evolved.
The New Times’ Business Editor Julius Bizimungu spoke exclusively with Diop to make sense of what the evolution of compliance means for banking regulation and consumer trust.
Below are excerpts:
How has the role of banking or financial compliance evolved over the years?
I think that compliance evolved from being seen as the police department of the bank to the solutionsprovider. When I started my career in 2005, we were coming out of the Dotcom crisis and regulationswere popping up all over the place, and personally, I moved from a function of internal auditor to compliance.
Progressively, this function has then gone on to provide value in terms of advice to the business. But also, in terms of feedback, to the regulator, for them to understand that often times, the way they think the operations are working may differ from their perspective, because the central bank is not on a day to day in a bank.
So, they (central bank) may come up with a regulation which does not necessarily align with bank regulations, and the compliance department provide valuable feedback to adjust that regulation.
Our primary role remains to ensure that the bank abides by the regulation, but we are also here to leverage from that regulation to provide advice to our businesses so that when they integrate aspects of the regulation (into their operations) to move fast, instead of starting the race and realizing that, oops, I did not take this into consideration.
So, the position of a compliance officer in a bank now is quite central as an advisor to the business, but also as a stakeholder of the regulator.
You would think that compliance has evolved for the better, but every after a few years we see financial scandals rising. Why is that?
The problem is that the market goes faster than the regulators. Take the CDS (credit default swaps), for instance, when these product innovations came to the market, people did not understand what banks were structuring.
And there were no regulations to capture volatility issues and to understand that banks were structuring products that were of bad quality. But when the crisis hit, then regulations came in.
Today, we are at the age of digital currency. We have bitcoins and other types of currencies which are not centrally managed. Those are bringing new types of risks that we need to adjust to.
There is always a gap between financial innovation and the way regulation adapts to it. That’s why, as compliance officers, we need to really understand product innovations and engage regulators early on, and that way we help regulators to close the gap between innovation and adaptation of the regulation.
With past crises and scandals, new global regulations have been put in place, including the Dodd Frank Act in the U.S. and Basel Framework. What difference have they made to the role of compliance?
The Dodd Frank in the U.S., harmonised regulations to fight money laundering, MiFID [Markets in Financial Instruments Directive] in Europe, or any regulation driven from the western part of the world was to try to bring discipline and ultimately protect the customer.
Whatever you do, there’s always a customer at the end. Regulators have always acted with the goal of protecting that ultimate customer. That’s why they created frameworks defining what can and cannot be done — setting limits, specifying what can be sold, how boards should be structured, and so on.
The compliance officer is the one who ensures these regulations are applied within the organisation. They are the eyes, ensuring that both regulatory and internal requirements are properly implemented.
This places compliance in a unique and central role. Compliance professionals must understand the bank’s strategy, products, IT systems, and core banking processes. They need to be everywhere, connecting information across departments and aligning it with the regulatory environment.
For example, if a new accounting system is implemented but fails to capture tax obligations correctly, the bank could face serious consequences, even risk losing its license. It’s the compliance officer’s job to ensure systems function as required by law.
In this way, compliance is a transversal, critical function in any financial institution. It requires both a broad, open-minded perspective and a deep understanding of regulatory expectations and the bank’s strategic direction.
From your experience, how would you assess the state of compliance across Africa?
In some smaller countries, without pointing fingers, there may be delays in aligning regulations with international best practices. This is evident, for example, in the area of anti–money laundering (AML), where some countries remain on the FATF grey list but are actively working to improve.
It’s not just about AML, though. It also relates to the capacity to implement frameworks such as Basel II and others, even if some aspects, like IFRS [International Financial Reporting Standards], are more closely monitored by external auditors.
Overall, the level of compliance in many African countries reflects the strength of their economies. Smaller economies tend to have regulatory frameworks that may not fully meet international standards, not necessarily outdated, but not completely aligned either.
This often ties back to political will. Countries that aim to attract investment must develop regulatory systems that both protect the economy and create a welcoming environment for investors.
It is, therefore, more accurate to say each country is at a different stage of progress. Even advanced countries face challenges, for instance, South Africa, a G20 member, remains on the FATF grey list, while Rwanda, a smaller economy, is not.
The countries that are doing better, what is it that they are doing that we can learn from them?
There’s also a political dimension to this. At the end of the day, if you want to paint your house blue, you paint it blue — if you don’t, you don’t.
In the same way, countries that understand that adopting international best practices will help their economies grow, creating jobs, industries, and opportunities, are choosing that path. Those that haven’t yet recognised this are moving more slowly.
Ultimately, political will is a key driver of compliance. Without it, progress is difficult to sustain.
Afreximbank will host a compliance forum in Kigali in November where artificial intelligence will be at the centre of the discussions. Why does AI really matter in compliance today?
AI has become a key pillar of compliance. Financial products are becoming increasingly complex, and compliance can no longer be managed manually. The volume of data we handle today is enormous, and AI helps us focus our attention on where the real risks lie. That’s the true value of integrating AI into compliance.
However, AI solutions are not all the same. Each institution must carefully choose the technology that fits its needs. The question is: can this AI system truly process and interpret your data in the way you need it to?
This is not a plug-and-play exercise. It requires a thorough evaluation to ensure the technology is compatible with your existing systems and that the data it analyzes accurately reflects your organization’s reality.
Yes, we need technology, and significant investment in compliance technology, but banks must do their homework before implementation. They need to challenge the vendors and test the systems thoroughly. Otherwise, you risk spending millions on a platform that turns out to be useless simply because the underlying data is poor.
That’s why data quality is fundamental. Before deploying AI, institutions must first clean and structure their data. Too often, our institutions suffer from weak or inconsistent data. It’s like buying a Rolls-Royce and filling it with water instead of fuel, the system won’t perform as intended.
Improving data quality is not only critical for compliance, but also from a business perspective. The better you know your customers, the better you can serve them. Once your data is clean and reliable, AI can truly deliver value, transforming information into insight and helping institutions manage both risk and growth more effectively.